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FIG. 7A 

import javQ.security.BasicPermission; 
import javQ.security.Permission; 
import java.security.PermissionCollection; 
import java.utiLHoshtable; 
import java.utiI.Enumeration; 

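/**
 * Superclass permission for the permission types in this listing (FIG. 7A).
 *
 * <p>{@link #implies(Permission)} is overridden so that the result depends
 * only on the class of the argument: an IBMPermission implies every
 * IBMPermission, including instances of any subclass, whatever target name
 * or actions either object carries.
 *
 * <p>Security consequence: a grant of IBMPermission for any single target
 * behaves as a grant of all IBMPermission-derived permissions. The per-name
 * and wildcard matching that BasicPermission normally performs is not used.
 * Treat an IBMPermission grant in a policy as broad.
 */
public class IBMPermission extends BasicPermission
{
    /**
     * Creates a permission without a caller-supplied target.
     *
     * NOTE(review): the argument of the super call is illegible in the
     * scanned listing; "" is assumed because WSPermission's no-argument
     * constructor on the same page passes "" - TODO confirm. BasicPermission
     * rejects an empty name with IllegalArgumentException, so with "" this
     * constructor cannot complete.
     */
    public IBMPermission()
    {
        super("");

        System.out.println("Constructor IBMPermission() called");
    }

    /**
     * Creates a permission with the given target name.
     *
     * @param target the permission name passed to BasicPermission
     */
    public IBMPermission(String target)
    {
        super(target);

        System.out.println("Constructor IBMPermission(target) called");
    }

    /**
     * Creates a permission with the given target name and actions.
     *
     * @param target  the permission name passed to BasicPermission
     * @param actions passed to BasicPermission, which does not use it
     */
    public IBMPermission(String target, String actions)
    {
        super(target, actions);

        System.out.println("Constructor IBMPermission(target, actions) called");
    }

    /**
     * Reports whether this permission implies {@code perm}.
     *
     * <p>Only the type of {@code perm} is examined. Names and actions are
     * ignored, so this returns true for every IBMPermission or subclass
     * instance and false for anything else, including null.
     *
     * @param perm the permission being checked
     * @return true if {@code perm} is an IBMPermission, false otherwise
     */
    public boolean implies(Permission perm)
    {
        // Diagnostic trace kept from the listing.
        System.out.println("IBMPermission.implies() called");

        return perm instanceof IBMPermission;
    }

    /**
     * Returns an empty collection for holding IBMPermission objects.
     *
     * @return a new IBMPermissionCollection
     */
    public PermissionCollection newPermissionCollection()
    {
        return new IBMPermissionCollection();
    }
}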
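// FIG. 7B
/**
 * Homogeneous collection of IBMPermission objects, keyed by permission name.
 *
 * <p>Because entries are keyed by name alone, adding a permission whose name
 * is already present replaces the earlier entry, even when the two objects
 * are different IBMPermission subclasses.
 *
 * <p>Security note: implies() delegates to the stored permissions. With the
 * IBMPermission.implies() shown in FIG. 7A, which accepts any IBMPermission,
 * a collection holding a single such entry answers true for every
 * IBMPermission query. Stored subclasses that override implies() may narrow
 * this.
 */
final class IBMPermissionCollection extends PermissionCollection
        implements java.io.Serializable
{
    // Maps permission name (String) to the stored Permission. Raw types are
    // kept to match the pre-generics Java used throughout the listing.
    private Hashtable permissions;

    /** Creates an empty collection. */
    public IBMPermissionCollection()
    {
        permissions = new Hashtable();
    }

    /**
     * Stores a permission under its name.
     *
     * @param permission the permission to add; must be an IBMPermission
     * @throws IllegalArgumentException if {@code permission} is not an
     *         IBMPermission
     * @throws SecurityException if this collection has been marked read-only
     */
    public void add(Permission permission)
    {
        if (!(permission instanceof IBMPermission))
        {
            throw new IllegalArgumentException("Invalid Permission: " +
                                               permission);
        }

        // PermissionCollection's contract requires add() to refuse changes
        // once setReadOnly() has been called; without this check a
        // collection that was frozen could still gain permissions.
        if (isReadOnly())
        {
            throw new SecurityException(
                "attempt to add a Permission to a readonly PermissionCollection");
        }

        IBMPermission ibmp = (IBMPermission) permission;
        permissions.put(ibmp.getName(), permission);
    }

    /**
     * Reports whether any stored permission implies {@code permission}.
     *
     * <p>An entry stored under the same name is consulted first and its
     * answer is returned directly; otherwise every entry is asked in turn.
     *
     * @param permission the permission being checked
     * @return false if {@code permission} is not an IBMPermission or no
     *         stored entry implies it, true otherwise
     */
    public boolean implies(Permission permission)
    {
        if (!(permission instanceof IBMPermission))
        {
            return false;
        }

        // The println calls below are diagnostic traces from the listing;
        // they write the names of held permissions to standard output.
        System.out.println("permission instanceof IBMPermission == true");

        IBMPermission ibmp = (IBMPermission) permission;

        String permName = ibmp.getName();

        Permission x = (Permission) permissions.get(permName);

        if (x != null)
        {
            System.out.println("We have a direct hit! " + x.getName());
            return x.implies(permission);
        }

        Enumeration permEnum = permissions.elements();
        while (permEnum.hasMoreElements())
        {
            x = (IBMPermission) permEnum.nextElement();
            System.out.println(x.getName());

            if (x.implies(permission))
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns the stored permissions.
     *
     * @return an enumeration over the values of the backing table
     */
    public Enumeration elements()
    {
        return permissions.elements();
    }
}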
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import java.security.PermissionCollection; 6/9 
import java. security .AccessController; 

import java.security.AccessControlContext; FIG 7 C 

import java.security.AccessControlException; i 

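/**
 * Subclass permission of IBMPermission (FIG. 7C).
 *
 * <p>implies() is inherited unchanged, so the type-only matching of
 * IBMPermission applies to WSPermission as well.
 */
public class WSPermission extends IBMPermission
{
    /**
     * Creates a permission with the given target name.
     *
     * @param target the permission name
     */
    public WSPermission(String target)
    {
        super(target);

        System.out.println("Constructor WSPermission(target) called");
    }

    /**
     * Creates a permission with the given target name and actions.
     *
     * @param target  the permission name
     * @param actions passed through to the superclass
     */
    public WSPermission(String target, String actions)
    {
        super(target, actions);

        System.out.println("Constructor WSPermission(target, actions) called");
    }

    /**
     * Creates a permission with an empty target name.
     *
     * NOTE(review): BasicPermission rejects an empty name with
     * IllegalArgumentException, so this constructor cannot complete as
     * listed. The intended default name is not given on the page; choose one
     * explicitly before relying on this constructor.
     */
    public WSPermission()
    {
        super("");

        System.out.println("Constructor WSPermission() called");
    }

    /**
     * Returns a new IBMPermissionCollection object for storing IBMPermission
     * objects.
     * <p>
     * An IBMPermissionCollection stores a collection of
     * IBMPermission permissions.
     * <p>
     * IBMPermission objects must be stored in a manner that allows them
     * to be inserted in any order, but that also enables the
     * PermissionCollection <code>implies</code> method
     * to be implemented in an efficient (and consistent) manner.
     * <p>
     * Before returning, this method checks the current access-control
     * context for IBMPermission("PermissionTest") and, if the check passes,
     * pre-populates the collection with WSPermission("PermissionTest"). If
     * the check fails the collection is returned empty, so the failure path
     * grants nothing.
     * <p>
     * NOTE(review): the check is made against the context of whichever
     * thread calls this method, at the moment the collection is created, and
     * the outcome stays in the returned collection. The callers are not
     * shown here; confirm that this method is reached only on behalf of the
     * code whose grant is being evaluated. If it can run in a more
     * privileged context, WSPermission would be recorded for code that was
     * never granted IBMPermission.
     *
     * @return a new IBMPermissionCollection object suitable for
     *         storing IBMPermission's.
     */
    public PermissionCollection newPermissionCollection()
    {
        System.out.println("newPermissionCollection() was called");
        IBMPermissionCollection ibmPC = new IBMPermissionCollection();

        // The code here checks if an IBMPermission has been granted.
        // If yes, then the PermissionCollection returned by this
        // method should contain a WSPermission.

        AccessControlContext acc = AccessController.getContext();
        try
        {
            acc.checkPermission(new IBMPermission("PermissionTest"));
            ibmPC.add(new WSPermission("PermissionTest"));
        }
        catch (AccessControlException ace)
        {
            // Denial is expected here and is not an error: leave the
            // collection empty.
            System.out.println("IBMPermission WAS NOT GRANTED");
        }
        return ibmPC;
    }
}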
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FIG. 8 

import java.io.*; 

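/**
 * Command-line check that WSPermission("PermissionTest") is granted to this
 * code, followed by a read of a local log file (FIG. 8).
 */
public class PermissionTest
{
    /**
     * Asks the installed SecurityManager, if any, for
     * WSPermission("PermissionTest"), then prints the contents of
     * C:\win2ip.log line by line.
     *
     * <p>"Granted" is reported only when a SecurityManager performed the
     * check. Without one, nothing was checked, and the output says so
     * instead of claiming success.
     *
     * @param args unused
     */
    public static void main(String args[])
    {
        try
        {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null)
            {
                System.out.println("SecurityManager is checking for " +
                                   "WSPermission");

                // Throws SecurityException on denial, which lands in the
                // catch block below.
                sm.checkPermission(new WSPermission("PermissionTest"));

                System.out.println("WSPermission was granted. " +
                                   "Permission testing worked.\n\n\n");
            }
            else
            {
                // No manager installed means no access check took place.
                System.out.println("No SecurityManager installed. " +
                                   "WSPermission was not checked.\n\n\n");
            }

            // Under a SecurityManager, opening the file is subject to its
            // own file-read check, separate from the WSPermission check.
            File inputFile = new File("C:\\win2ip.log");
            FileInputStream fis = new FileInputStream(inputFile);
            // InputStreamReader without a charset decodes with the platform
            // default, as in the listing.
            InputStreamReader isr = new InputStreamReader(fis);
            BufferedReader br = new BufferedReader(isr);
            try
            {
                String lineRead;

                while ((lineRead = br.readLine()) != null)
                {
                    System.out.println(lineRead);
                }
            }
            finally
            {
                // Closing the reader also closes the wrapped streams.
                br.close();
            }
        }
        catch (Exception e)
        {
            // Demonstration program: denial and I/O failure are both just
            // reported on standard error.
            e.printStackTrace();
        }
    }
}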
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FIG. 9 

( START )



910- 



920- 



930- 



940- 



950- 



960- 



RECEIVE UNTRUSTED 
RESOURCE ACCESS REQUEST 

1 



DETERMINE REQUIRED PERMISSION 
BASED ON CodeSource AND RESOURCE 



CALL SecurityManager CHECK 
PERMISSION ON THE PERMISSION 



CALL AccessControlContext CHECK 
PERMISSION AccessControlContext 



CALL IMPLIES() METHOD 
ON PROTECTION DOMAIN 



I 



CALL NEW PERMISSION COLLECTION 



980- 



985 



990- 



995- 



SUPERCLASS 
PERMISSION PRESENT IN 
ALL PROTECTION DOMAINS 
IN STACK? 

970 " 

YES 



ADD PERMISSION TO 
PERMISSION COLLECTION 

i 



ADD ANY SUBCLASS PERMISSIONS 
TO PERMISSION COLLECTION 

T 



ADD PERMISSION COLLECTION 
TO AccessControlContext 



DENY RESOURCE 
ACCESS REQUEST "^975 



"I 
I 
I 

. J 



GRANT RESOURCE ACCESS REQUEST 



( END ) 



AUS920010941US1 
Koved et al. 
Method and Apparatus for Type Independent 
Permission Based Access Control 



( START ) 



9/9 



1010- 



1020- 



RECEIVE UNTRUSTED 
RESOURCE ACCESS REQUEST 



FIG. 10 



DETERMINE REQUIRED 
PERMISSION BASED ON 
CodeSource AND RESOURCE 




1030 



1060- 



1070- 



REQUIRED 
PERMISSION IMPLIES 
THE SUPERCLASS 
PERMISSION? 

.NO 



DO NOT ADD REQUIRED 

PERMISSION TO 
PERMISSION COLLECTION 

i 



DENY ACCESS REQUEST 



( END )







ADD REQUIRED PERMISSION 
TO PERMISSION COLLECTION 



GRANT ACCESS REQUEST 



-1040 

■1050 



FIG. 11 



package sun.security.provider; 

import java.security.PermissionCollection; 
import java.security.CodeSource; 
import IBMPermission; 
import WSPermission; 

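/**
 * Policy provider that adds the subclass permission WSPermission to any
 * code source whose policy grant already implies the superclass permission
 * IBMPermission (FIG. 11).
 *
 * NOTE(review): the class name is read from the scan as "MorcoPolicy" and
 * the superclass as "PolicyRle"; they are reconstructed here as MarcoPolicy
 * and PolicyFile - TODO confirm against the original figure. PolicyFile is
 * not imported, so it is resolved from the file's own package declaration,
 * sun.security.provider.
 */
public class MarcoPolicy extends PolicyFile
{
    /**
     * Returns the superclass's permissions for {@code codesource}, extended
     * with WSPermission("PermissionTest") when they imply
     * IBMPermission("PermissionTest").
     *
     * <p>Security note: with the IBMPermission.implies() shown in FIG. 7A,
     * the target name in the check below is not compared, so an
     * IBMPermission grant for any target satisfies it.
     *
     * <p>The collection returned by the superclass is modified in place.
     * NOTE(review): if that collection can be read-only, add() is required
     * by the PermissionCollection contract to throw SecurityException;
     * whether that can happen is not visible here.
     *
     * @param codesource the code source whose permissions are requested
     * @return the possibly extended collection, or null if the superclass
     *         returned null
     */
    public PermissionCollection getPermissions(CodeSource codesource)
    {
        PermissionCollection pc = super.getPermissions(codesource);

        if (pc == null)
        {
            return null;
        }

        if (pc.implies(new IBMPermission("PermissionTest")))
        {
            pc.add(new WSPermission("PermissionTest"));
        }

        return pc;
    }
}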



